A federal lawsuit has been filed against Pennsylvania and a vendor contracted by the state’s Department of Health (DOH) over a data breach that exposed the personal health information (PHI) of thousands of Pennsylvanians. The DOH hired Atlanta-based company Insight Global in 2020 “to provide contact tracing and other similar services” following the outbreak of COVID-19. The Department later said that employees of the company caused a data breach by creating “unauthorized documents outside of the secure data systems…

Mitigating bot attacks is a major concern for security leaders, according to new research published yesterday by cybersecurity company Human (formerly White Ops). The “2021 Bot Management Trends” report, which is based on a survey conducted by Enterprise Strategy Group (ESG), exposed worries regarding a string of threats posed by bots.   In the first quarter of 2021, ESG asked 425 cybersecurity and IT decision makers with application security knowledge and responsibilities for their organizations about their perceptions of…

The UK’s National Cyber Security Centre (NCSC) has published a set of security principles to underpin the development of so-called smart cities. Titled Connected Places Cyber Security Principles, the guidance aims to help local authorities in the UK embrace the benefits of connected places, while at the same time ensure they are resilient to cyber-attacks. The smart city concept involves the use of connected technology, such as IoT devices, to collect data and enhance services within…

When gyms were forced to close last year, you likely looked for other ways to get some exercise and stay active during quarantine. From investing in a few pairs of dumbbells or perhaps downloading an app or two to help you track your workouts, you found alternatives to help you break a sweat. As an accessible, easy way to release endorphins, running quickly grew in popularity along with the platforms that help runners stay accountable. According to Runner’s World, there was a 34% uptick in outdoor…

When gyms were forced to close last year, you likely looked for other ways to get some exercise and stay active during quarantine. From investing in a few pairs of dumbbells or perhaps downloading an app or two to help you track your workouts, you found alternatives to help you break a sweat. As an accessible, easy way to release endorphins, running quickly grew in popularity along with the platforms that help runners stay accountable. According to Runner’s World, there was a 34% uptick in outdoor…

DevOps is speeding up software release cycles like never before. But according to GitLab’s latest survey, finger-pointing over who should be in charge of security remains an issue – as do some familiar old developer headaches. GitLab’s 2021 DevSecOps report surveyed 4,300 software professionals Getty Images/iStockphoto DevSecOps tools are enabling developers to release new code faster than ever – yet testing, code review and disagreements over who is in charge of security remain sticking points…

Millions of households could be at risk of cyber-attack because they’re running outdated and unpatched routers, a new investigation has found. Unprotected routers are an increasingly popular target for attackers, theoretically enabling them to hijack smart home devices and eavesdrop on communications and web browsing. Consumer rights group Which surveyed more than 6000 UK adults back in December to find out which router models they were using. Extrapolating this data, it calculated that as many as 7.5…

An organization involved in COVID-19 research lost a week’s worth of critical data after a Ryuk attack which used a stolen password, according to Sophos. Cybersecurity vendor Sophos revealed the case yesterday as a cautionary tale of what can happen when organizations don’t follow security  best practice. The problem was traced back to one of the university students that the European research institute collaborates with as part of its outreach programs. That student obtained what…

A misconfigured database has exposed what appears to be a major coordinated scheme by Amazon vendors to procure fake reviews for their products. At team at AV reviews site SafetyDetectives found the China-based Elasticsearch server exposed online without any password protection or encryption. The 7GB trove contained over 13 million records including the email addresses and WhatsApp/Telegram phone numbers of vendor contacts, plus email addresses, surnames, PayPal account details and Amazon account profiles of reviewers. According…